Abstract

Deep learning models have been widely used in the field of vulnerability detection. Deep learning-based vulnerability detection methods can automatically learn code patterns. Some methods process code as text sequences to achieve scalable vulnerability detection, leveraging natural language processing models to extract code features. These methods treat code slices as text and do not consider the code's semantic structure. Vulnerability detection methods based on graph structures and graph neural networks are more accurate than text-based methods. However, these methods lack scalability in practice: both graph generation and graph neural network training are time-consuming. We propose a vulnerability detection method based on graphs and images (VulGAI). VulGAI chooses a more reasonable node centrality to generate the image. It can preserve program details and distinguish node importance from different perspectives. In addition, we design a more efficient CNN model, which reduces computational overhead and improves detection performance (time and accuracy). We implement VulGAI and evaluate six methods (VulDeePecker, SySeVR, Devign, VulCNN, mVulPreter, and VulGAI) on 40,657 functions. Experimental results show that VulGAI achieves higher Accuracy, TPR, and F1-Score than the others. In addition, we compare VulGAI and VulCNN on 30,270 real-world functions. VulGAI outperforms VulCNN by 1.48 times in the number of TP. VulGAI is about 3.9 times faster than VulCNN in detection time.
